Critical Alert
IP 36.111.150.151 is a critical-risk address operated by China Telecom's Beijing Tianjin Hebei Big Data Industry Park Branch (AS141679). It generated 207 abuse reports across 20 automated honeypot sensors between January and May 2026. The dominant threat profile is sustained SSH brute-force activity, with evidence that the address itself has been exploited and used as an attack platform.
The volume and consistency of malicious activity detected from this IP are significant. With an activity frequency rating of 8 out of 10 and a threat level assessed at the maximum of 10, automated honeypot sensors captured 14 reports specifically documenting SSH brute-force attempts, 18 reports of general hacking activity, and 4 reports indicating that the host itself has been exploited. The exploited-host reports are particularly concerning: this pattern suggests the address may be operating under direct threat-actor control rather than being a misconfigured or compromised enterprise asset. All reported activity occurred within a five-month window in early 2026, indicating an active and persistent campaign rather than opportunistic scanning.
SSH brute-force attacks represent one of the most common initial-access vectors targeting publicly exposed servers worldwide. Attackers systematically attempt credential combinations against the SSH service to gain shell access, after which they can deploy backdoors, exfiltrate data, or use the compromised host to pivot further into a network. When combined with exploited-host classification, this IP poses a dual risk: it may be actively participating in credential-stuffing campaigns against thousands of internet-facing servers while simultaneously being leveraged by adversaries for relay or anonymization purposes. Organizations with SSH services accessible from the internet face direct exposure to this threat actor.
Site operators should immediately block 36.111.150.151 at the network perimeter firewall and deploy fail2ban or an equivalent log-based blocking tool to automatically ban sources that repeatedly fail SSH authentication. Enforcing key-based authentication exclusively, disabling root login over SSH, and moving the SSH service to a non-standard port materially reduce susceptibility to automated brute-force tooling. Organizations operating publicly accessible SSH services should audit access logs for connections originating from this address and review authentication logs for any successful logins from it. Implementing multi-factor authentication for privileged access provides an additional layer of protection should credentials be compromised despite the other controls.
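As an added example (not part of the original alert), the log review recommended above can be automated with a short script: it counts failed SSH logins per source address in sshd log lines and flags any successful login from a watchlisted address. The sample log lines, the watchlist contents and the threshold of three failures are constructed assumptions, not data from the alert.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines in syslog format (not real log data).
SAMPLE_AUTH_LOG = """\
Mar 12 03:14:07 bastion sshd[2112]: Failed password for invalid user admin from 36.111.150.151 port 52110 ssh2
Mar 12 03:14:09 bastion sshd[2112]: Failed password for invalid user admin from 36.111.150.151 port 52110 ssh2
Mar 12 03:14:12 bastion sshd[2114]: Failed password for root from 36.111.150.151 port 52118 ssh2
Mar 12 03:15:01 bastion sshd[2120]: Accepted publickey for deploy from 10.0.0.5 port 40122 ssh2
Mar 12 03:16:44 bastion sshd[2131]: Accepted password for backup from 36.111.150.151 port 52140 ssh2
Mar 12 03:17:02 bastion sshd[2140]: Failed password for invalid user test from 203.0.113.9 port 41000 ssh2
"""

# Address named in the alert above; a real watchlist would hold many entries.
WATCHLIST = {"36.111.150.151"}

# sshd writes "for invalid user NAME" when the account does not exist and
# "for NAME" when it does; both forms are matched.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (\w+) for (\S+) from (\S+) port")


def analyse_auth_log(text, watchlist, threshold=3):
    """Return (failures per source IP, IPs at or above the brute-force threshold,
    successful logins originating from a watchlisted address)."""
    failures = defaultdict(int)
    alerts = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m and m.group(3) in watchlist:
            # A successful login from a flagged source is the case that
            # warrants an incident review, whatever the method used.
            alerts.append({"user": m.group(2), "method": m.group(1), "src": m.group(3)})
    brute_force = {ip: n for ip, n in failures.items() if n >= threshold}
    return dict(failures), brute_force, alerts


if __name__ == "__main__":
    fails, brute, hits = analyse_auth_log(SAMPLE_AUTH_LOG, WATCHLIST)
    print("failures per source:", fails)
    print("brute-force candidates:", brute)
    print("successful logins from watchlist:", hits)
```

On a live host the same function can be fed the contents of /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL-family), which is where sshd authentication events are typically written.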